Litcius/Paper detail

Comparative Analysis and Design of Cybersecurity Maturity Assessment Methodology Using NIST CSF, COBIT, ISO/IEC 27002 and PCI DSS

Diah Sulistyowati, Fitri Handayani, Yohan Suryanto

2020JOIV International Journal on Informatics Visualization60 citationsDOIOpen Access PDF

Abstract

Data or Information security in today's digital era is crucial in every organization that needs to pay attention. Management of organizational information is one of the components in realizing Good Corporate Governance. The measure of an adequate level of protection is an indicator of the cybersecurity awareness aspects of an organization's business processes in the short, medium, and long term, especially in the field that deals with information and communication technology (ICT). To make this happen, it requires a security standard that is appropriate and follows its needs to help organizations know the maturity level of cybersecurity in protecting its information security. The ABC organization is one of the Government agencies that manage the critical infrastructure and Indonesian digital economies. The organization has currently implemented several international security standards through its planning, implementation, evaluation document, and ICT activities. However, based on the national information security readiness assessment, information security management readiness results are still not optimal. In this study, an analysis of the NIST, ISO 27002, COBIT, and PCI DSS security standards has been carried out, which are ABC organizational security standards in managing ICT by assigned tasks and functions. Furthermore, the analysis result is used as materials for drafting a cybersecurity maturity framework through the four standard approaches that have become the basis for ICT management. The proposed concept of twenty-one integrated cybersecurity categories is expected to be a capital in measure ICT management performance in ABC organizations.

Topics & Concepts

COBITStandard of Good PracticeInformation Technology Infrastructure LibraryComputer securityInformation security management systemInformation securityInformation security standardsMaturity (psychological)Process managementInformation security managementInformation and Communications TechnologyCertified Information Security ManagerITIL security managementCertified Information Systems Security ProfessionalInformation technologyComputer scienceSecurity managementInformation technology managementBusinessInformation systemSecurity serviceSecurity information and event managementManagement information systemsEngineeringCloud computing securityOperating systemWorld Wide WebDevelopmental psychologyCloud computingElectrical engineeringPsychologyNetwork security policyInformation and Cyber Security
Comparative Analysis and Design of Cybersecurity Maturity Assessment Methodology Using NIST CSF, COBIT, ISO/IEC 27002 and PCI DSS | Litcius